Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/iliJ_nG0T8uwGGUPlGMrH0Xcj20.roa
File:                     iliJ_nG0T8uwGGUPlGMrH0Xcj20.roa (raw, json)
Hash identifier:          SbFzRhmI+okvarbNZkgRpsxQvYz7QJFsmUAAIVyYeQE=
Subject key identifier:   8A:58:89:FE:71:B4:4F:CB:B0:18:65:0F:94:63:2B:1F:45:DC:8F:6D
Certificate issuer:       /CN=f93ac6cd2240249bba60171f086e9101cc87ca24
Certificate serial:       018CC5DC86C8EAF5E97E65F64D88066D5785
Authority key identifier: F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/iliJ_nG0T8uwGGUPlGMrH0Xcj20.roa
Signing time:             Mon 01 Jan 2024 16:30:12 +0000
ROA not before:           Mon 01 Jan 2024 16:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27323
IP address blocks:        45.14.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:86:c8:ea:f5:e9:7e:65:f6:4d:88:06:6d:57:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f93ac6cd2240249bba60171f086e9101cc87ca24
        Validity
            Not Before: Jan  1 16:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a5889fe71b44fcbb018650f94632b1f45dc8f6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ea:d1:24:4f:83:b4:2e:06:e2:d7:7d:0f:3f:
                    26:dc:98:40:df:84:da:c5:15:4f:53:9a:c7:75:ce:
                    a1:7d:a2:41:68:81:97:a8:25:25:14:6d:28:80:d8:
                    38:d6:99:a3:2e:e9:e9:7e:2e:d4:58:fb:6b:76:08:
                    06:6a:1e:a1:b9:58:19:97:63:8f:5e:33:ea:0e:4d:
                    d6:99:45:27:ef:01:fd:77:a2:9d:9b:d6:3c:fc:45:
                    22:9b:2c:27:63:5d:57:23:b7:9a:f2:b2:57:17:99:
                    99:0f:2e:d9:5c:be:c8:08:52:3a:b3:5b:20:32:42:
                    fc:e6:43:4d:5c:0c:46:f3:ea:8d:b6:64:ec:5f:29:
                    82:db:77:91:64:07:b8:75:30:fb:3e:fc:da:17:d9:
                    e3:bb:bd:04:0f:65:ab:15:5b:7a:ca:6d:45:66:3d:
                    cf:96:01:b1:fe:99:82:2d:be:4d:26:72:66:f1:6a:
                    eb:5f:73:d0:76:d3:72:a8:56:53:97:af:39:b6:48:
                    23:be:2e:14:e6:7e:07:7c:9b:fe:cb:e1:81:34:2b:
                    ae:ec:ff:97:8a:57:93:34:0d:06:7c:64:b0:92:cb:
                    98:4b:34:a6:9c:07:90:61:1f:74:e5:6b:d9:a6:16:
                    19:92:cc:dd:16:76:02:77:6d:ae:88:db:20:b1:11:
                    a9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:58:89:FE:71:B4:4F:CB:B0:18:65:0F:94:63:2B:1F:45:DC:8F:6D
            X509v3 Authority Key Identifier:
                keyid:F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/iliJ_nG0T8uwGGUPlGMrH0Xcj20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:3c:0d:90:e3:dc:4a:77:30:4c:45:b8:27:0f:1b:6d:9b:ac:
         98:c1:6c:7e:c2:f5:cf:11:6a:64:3e:bf:bd:74:70:8f:24:c6:
         9d:bb:75:08:8b:85:42:07:bc:cf:01:40:22:92:13:2a:ba:b4:
         fb:80:43:47:34:f9:83:a8:8f:81:15:0a:84:4d:01:8c:bb:33:
         12:52:c9:a1:3f:c9:bb:60:f3:8f:bf:db:a3:cd:88:a0:83:fb:
         ac:d9:1a:b8:a1:25:09:bc:e4:5e:59:0d:70:f8:0d:55:0b:85:
         f9:d4:da:a9:a2:ed:db:24:dd:a8:b2:c0:86:a1:02:2b:86:ec:
         09:be:92:0d:3e:22:77:13:02:bd:5f:a8:60:99:d7:b4:8e:71:
         c5:5a:b3:20:21:5c:3a:61:a0:97:f4:e8:e0:56:38:0b:55:17:
         e3:31:8f:de:6f:c8:d1:08:6c:75:22:f4:9b:f0:04:8b:25:7e:
         12:dd:06:09:37:04:dc:9d:09:9d:38:23:5e:0a:c6:2b:eb:42:
         78:9b:93:65:9e:c4:ac:10:f1:68:47:46:a7:e6:64:4c:0d:8a:
         af:73:e9:a1:f5:3e:11:c2:73:e3:89:04:f4:59:5e:cb:d4:9f:
         5a:3c:ab:92:ef:d5:07:a3:18:a8:7f:c1:34:3a:df:1e:de:18:
         bb:29:e2:ab
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3IbI6vXpfmX2TYgGbVeFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5M2FjNmNkMjI0MDI0OWJiYTYwMTcxZjA4NmU5MTAxY2M4
N2NhMjQwHhcNMjQwMTAxMTYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTU4ODlmZTcxYjQ0ZmNiYjAxODY1MGY5NDYzMmIxZjQ1ZGM4ZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+rRJE+DtC4G4td9Dz8m3JhA34Ta
xRVPU5rHdc6hfaJBaIGXqCUlFG0ogNg41pmjLunpfi7UWPtrdggGah6huVgZl2OP
XjPqDk3WmUUn7wH9d6Kdm9Y8/EUimywnY11XI7ea8rJXF5mZDy7ZXL7ICFI6s1sg
MkL85kNNXAxG8+qNtmTsXymC23eRZAe4dTD7PvzaF9nju70ED2WrFVt6ym1FZj3P
lgGx/pmCLb5NJnJm8WrrX3PQdtNyqFZTl685tkgjvi4U5n4HfJv+y+GBNCuu7P+X
ileTNA0GfGSwksuYSzSmnAeQYR905WvZphYZkszdFnYCd22uiNsgsRGpnwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIpYif5xtE/LsBhlD5RjKx9F3I9tMB8GA1UdIwQY
MBaAFPk6xs0iQCSbumAXHwhukQHMh8okMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Uckd6U0pBSkp1NllCY2ZDRzZSQWN5SHlpUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNl
LWY3NTJkODE2MDVmYi8xL2lsaUpfbkcwVDh1d0dHVVBsR01ySDBYY2oyMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNlLWY3NTJkODE2MDVm
Yi8xLzEtVHJHelNKQUpKdTZZQmNmQ0c2UkFjeUh5aVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtDnMw
DQYJKoZIhvcNAQELBQADggEBAE88DZDj3Ep3MExFuCcPG22brJjBbH7C9c8RamQ+
v710cI8kxp27dQiLhUIHvM8BQCKSEyq6tPuAQ0c0+YOoj4EVCoRNAYy7MxJSyaE/
ybtg84+/26PNiKCD+6zZGrihJQm85F5ZDXD4DVULhfnU2qmi7dsk3aiywIahAiuG
7Am+kg0+IncTAr1fqGCZ17SOccVasyAhXDphoJf06OBWOAtVF+Mxj95vyNEIbHUi
9JvwBIslfhLdBgk3BNydCZ04I14KxivrQnibk2WexKwQ8WhHRqfmZEwNiq9z6aH1
PhHCc+OJBPRZXsvUn1o8q5Lv1QejGKh/wTQ63x7eGLsp4qs=
-----END CERTIFICATE-----